- [ ] **robots & errors in /wp-comments-post.php (as in block-bad-requests.inc)** - [ ] non-attack 404: `logsearch.sh -e wpf2b_404|sed -ne 's|.*wpf2b_404 (s:[0-9]\+:"\([^"]*\)";).*|\1|p'|grep -vx "/[a-z/-]\+/\|.*\.jpg"|sort` + non-ascii post slugs - [ ] fake Googlebot, Referer: http://www.google.com `grep -hi ' "[^"]*Googlebot[^"]*"$' /var/log/apache2/*access.log|grep -v "^66\.249\."` - [ ] core: No filter for successful XMLRPC login in wp_authenticate() - [ ] write test.sh - [ ] robot requests not through `/index.php` (exclude: xmlrpc, trackback, see: wp_403()) - [ ] append: http://plugins.svn.wordpress.org/block-bad-queries/trunk/block-bad-queries.php - [ ] option to immediately ban on non-WP scripts (\.php$ \.aspx?$) - [ ] new: invalid user during lost password - [ ] new: invalid "lost password" token - [ ] log xmlrpc? `add_action( 'xmlrpc_call', function( $call ) { if ( 'pingback.ping' == $call ) {} } );` - [ ] log proxy IP: HTTP_X_FORWARDED_FOR, HTTP_INCAP_CLIENT_IP, HTTP_CF_CONNECTING_IP backed by mod_remoteip - [ ] registration errors: the dirty way `add_filter( 'login_errors', function ( $em ) { error_log( 'em:' . $em ); return $em; }, 0 );`
logsearch.sh -e wpf2b_404|sed -ne 's|.*wpf2b_404 (s:[0-9]\+:"\([^"]*\)";).*|\1|p'|grep -vx "/[a-z/-]\+/\|.*\.jpg"|sortgrep -hi ' "[^"]*Googlebot[^"]*"$' /var/log/apache2/*access.log|grep -v "^66\.249\."/index.php(exclude: xmlrpc, trackback, see: wp_403())add_action( 'xmlrpc_call', function( $call ) { if ( 'pingback.ping' == $call ) {} } );add_filter( 'login_errors', function ( $em ) { error_log( 'em:' . $em ); return $em; }, 0 );